Wait too long before applying security updates and you risk exposing your network to attacks through unpatched vulnerabilities. Move too fast and you increase the chances that you'll have to deal with a faulty update at some point, suffering downtime and probably losing business as you scramble to recover.

And as every IT pro knows, the "just right" path is somewhere in the middle.

With the recent November 2015 update for Windows 10, version 1511, Microsoft introduced a new capability called Windows Update for Business. This feature, available in Windows 10 Pro, Enterprise, and Education only, gives IT pros the option to use the public Windows Update mechanism while customizing the schedule to meet their organization's needs.

But before you begin using Windows Update for Business, it's essential that you understand Microsoft's new servicing model for Windows 10. And that starts with the slightly intimidating diagram shown in Figure A. (Not shown on this diagram is the Long Term Servicing Branch, which is intended for mission-critical devices where any downtime is unacceptable.)

Figure A

In this update cycle, each new Windows 10 build proceeds through different "branches" on its way to the general public. Testers inside Microsoft (including one group known as Elite Dogfooders) and members of the opt-in Windows Insider program use preview builds to help Microsoft identify bugs and fine-tune features.

After a reasonable amount of polishing and bug-busting, a stable version is released to the general public. That's the Current Branch.

If you just accept the default settings in Windows 10, you're assigned to the Current Branch. Updates work much the same as automatic updates have worked in all modern versions of Windows. One difference is that each new update is cumulative. If you turn on a Windows 10 PC that hasn't been used in months, you should have only a single cumulative update to install, as shown in Figure B. (You might have to install a major version upgrade, such as the November update first, but after that you'll see only a single cumulative update.)

Figure B

If you're risk-averse and you'd rather watch and wait as the general population tests new code, there's the Current Branch for Business, which allows you to defer upgrades by an average of four months. The November Update, version 1511, is not a Current Branch for Business build, so if you've chosen the Defer Upgrades option, you won't see that update until sometime next year--after it's gone through more bug-fixing and is declared a Current Branch for Business build.

A separate feature, Windows Update for Business, lets you delay those cumulative updates by one to four weeks. If an update turns out to be troublesome, there's a strong likelihood it will be fixed by the time your users get around to it.

Divide and conquer

The best way to use Windows Update in an organization is to divide your users into groups, with a small group on the Current Branch who receive updates via Windows Update as they're released. Those users are your canaries, able to spot potential problems before they reach the majority of your users.

In fact, you can use Group Policy to roll each month's updates out in waves. Figure C, from a Microsoft whitepaper, shows how to divide an organization into three groups, with Group 2 a week behind Group 1 and the third group two weeks behind.

Figure C

If you see any problems with updates in that first group, you can hit pause while you investigate.

For mission-critical systems where absolute predictability is essential, there's a Long Term Servicing Branch (available only for customers running Windows 10 Enterprise). If you're tempted to think of it as a way to dodge the whole upgrade/update issue, don't. This option is strictly for organizations that are willing to stick with a single release and forgo future feature updates for its entire supported life.

Disclosure

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis. Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books have been distributed under several imprints: Que Publishing (a division of Pearson Education); Microsoft Press (with production and distribution by O'Reilly), and Fair Trade Digital Exchange, where he was briefly a partner. On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate. Ed sometimes receive fees and/or travel expenses for live speeches and webinars from companies and organizations. Acceptance of these fees does not constitute an endorsement of the company's products. Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than seven years ago. All stocks are held in retirement accounts for long-term growth. Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Follow

Topics

More From Tech Pro Research

Kubernetes enables the deployment, scaling, and management of containerized applications. This ebook explains why the ecosystem matters, ways to take advantage of it, and how it may contribute to the ...

As more and more employees request the opportunity to perform some or all of their work from a remote location, the need has grown for organizations to have clearly defined guidelines that govern empl...

Finding the best data analytics software, services, and tools for your business requires extended research and a systematic evaluation of features. This download includes an overview of factors to con...

Design flaws in modern chip design have emerged as a significant threat to the security of data on PCs and mobile devices. This comprehensive ebook delves into two prominent vulnerabilities—Spectre an...

Selecting the right VPN provider for your needs requires a fair bit of legwork because the choices are many and the offerings vary greatly. This quick-glance chart rounds up 15 of the top contenders a...

5G: The next-generation wireless network is finally a reality, and businesses remain eager to embrace this new technology. 5G will be popularized via telecom carriers and the marketing of wire-cutting...

The Internet of Things is delivering data and helpful insights to organizations around the world--but it has also introduced new and potentially devastating vulnerabilities. This ebook offers a compre...

Employees, data, and resources are three of the biggest assets in any organization. All employees should be familiar with the processes for recovering information if it becomes lost, inaccessible, or ...

Choosing a CRM solution requires strategy, thoughtful consideration, and more than a little research. These guidelines and comparison tool provide a customizable framework your business can use to fin...

This pre-packaged presentation contains everything you need to get end users up-to-speed fast about how to use Microsoft PowerPoint -- even if you don't consider yourself a public speaker. It includes...

Numerous studies indicate that personal e-mail use at work is a leading cause of lost productivity. In addition, personal e-mail use can introduce viruses and Trojan programs that aid hackers' attempt...

The organization is subject to data retention requirements resulting from a mix of legal, industry, and business mandates. These data retention requirements govern the storage of the organization's in...

This pre-packaged presentation contains everything you need to instruct end users about how to get the most out of Microsoft Access--even if you don't consider yourself a public speaker. It includes a...

Your organization is subject to a mix of strict legal, ethical, and self-imposed mandates that protect all of the organization's information, records, and data from improper, inappropriate, illegal, a...

This policy provides guidelines for the regulated and secure usage of portable storage devices. Its goal is to protect the organization and its employees from internal and external threats and to prov...

This pre-packaged presentation contains everything you need to instruct end users about how to the most out of the Internet and Internet Explorer--even if you don't consider yourself a public speaker...

Computer games--including those installed from floppy disks, USB "thumb" drives, CDs, DVDs, or accessed online or as part of any massive, multiplayer network--present numerous risks to an organization...

The Harness the Full Power of Windows XP presentation is a prepackaged solution for basic Windows XP training. This pre-packaged presentation contains everything you need to instruct end users about h...

This pre-packaged presentation contains everything you need to get end users up-to-speed fast about how to use Microsoft PowerPoint -- even if you don't consider yourself a public speaker. It includes...

Numerous studies indicate that personal e-mail use at work is a leading cause of lost productivity. In addition, personal e-mail use can introduce viruses and Trojan programs that aid hackers' attempt...

The organization is subject to data retention requirements resulting from a mix of legal, industry, and business mandates. These data retention requirements govern the storage of the organization's in...

This pre-packaged presentation contains everything you need to instruct end users about how to get the most out of Microsoft Access--even if you don't consider yourself a public speaker. It includes a...

Your organization is subject to a mix of strict legal, ethical, and self-imposed mandates that protect all of the organization's information, records, and data from improper, inappropriate, illegal, a...

This policy provides guidelines for the regulated and secure usage of portable storage devices. Its goal is to protect the organization and its employees from internal and external threats and to prov...

This pre-packaged presentation contains everything you need to instruct end users about how to the most out of the Internet and Internet Explorer--even if you don't consider yourself a public speaker...

Computer games--including those installed from floppy disks, USB "thumb" drives, CDs, DVDs, or accessed online or as part of any massive, multiplayer network--present numerous risks to an organization...

The Harness the Full Power of Windows XP presentation is a prepackaged solution for basic Windows XP training. This pre-packaged presentation contains everything you need to instruct end users about h...